Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
449
Views
0
Helpful
1
Replies

RA VPN Error

Leo_Stobbe
Level 1
Level 1

‎05-10-2007 02:21 AM - edited ‎02-21-2020 03:02 PM

Hi Gents,

I have configured 2xRA VPN connections.

ip local pool inside_pool 10.10.105.1-10.10.105.254 mask 255.255.255.0

ip local pool dmz_pool 10.10.104.1-10.10.104.254 mask 255.255.255.0

I have acl restrictions for both pool. Inside_pool has access to inside network:

for instance 10.20.1.0/24

It is working fine.

DMZ_pool has access to dmz servers.

But it doesn't work.

I can manage connecting by RA VPN(dmz_pool). But i can't reach the servers in DMZ. I saw in logs that "no translation group found for outside ip 10.10.104.1 "

Is it normal that ASA asking me about NAT configuration for OUTSIDE?

I do the same for inside_pool, except that access goes to inside interface,not to dmz interface.It is working fine without any nat translation requirements.

Any comments will be appreciated.

Leo

Labels:
0 Helpful
1 Reply 1

mfreijser
Level 1
Level 1

‎05-10-2007 03:18 AM

A nonat access-list from the DMZ to the OUTSIDE should do the trick:

----------------------------------------------

access-list nonat_dmz permit ip 10.10.104.0 255.255.255.0

nat (dmz) 0 access-list nonat_dmz

----------------------------------------------

Note that this will no affect any statics already created for the DMZ-subnet!

Please rate if the post helps!

Regards,

Michael

0 Helpful
Customers Also Viewed These Support Documents